December 8, 2010 // 5:22 am - Update: According to several members (including jensen76, evilsperm, and sk group) when you downgrade a PS3 with the Modified 3.41 PUP (below), it currently cripples the Blu-ray player functionality. Some additional PS3 Blu-ray fix updates are outlined HERE, however, a more stable solution is still being worked on.

To quote from garyopa on one work-around: "I was able to restore one machine I had, by copying over all the files I had in the /dev_flash2 and /dev_flash3 back to the HDD, that I had saved before when it was on v3.41"

Forum member p666 also has expanded on the PS3 Blu-ray fix a bit HERE for those who need it, and atlask2 let us know of yet another Blu-ray drive solution HERE by Maes along with another PS3 Blu-ray Drive WIP Fix.

Although PSGrade won't currently work on the patched and recently released PS3 Firmware v3.55 update, yesterday the PSGrade free PS3 Downgrading hex codes and Master Key arrived along with PlayStation 3 downgrade hex codes for various PS3 JailBreak USB modchip devices alongside a PS3 Demo / Kiosk to Retail Console Guide by starcube.

By the way in case people missed it, this is the dongle master key (not the 0xAAAA device key): 0x04 0x4E 0x61 0x1B 0xA6 0xA6 0xE3 0x9A 0x98 0xCF 0x35 0x81 0x2C 0x80 0x68 0xC7 0xFC 0x5F 0x7A 0xE8. It works up to version 3.55 included. You can generate keys for any dongles' device id with it if people care.

The people having bluray movies playback issues after downgrading, this happens because you updated to a modified PUP (psjb one) which has its /dev_flash3/ tarball swapped (probably to a debug one, debug consoles do not sport bd movies playback) with other CRL/DRL revocation files.

0x24000 - USB Dongle Authenticator

0x24001 - Generate Challenge
0x24002 - Verify Response

0x24001 - Generate Challenge

I have got access to this service through DM and tested it

The service expects no input parameters except those in SS packet header

It uses 0x5003 service (Generate Random Number) to generate random numbers that are used in challenge body

The length of a challnge body is always 23 bytes, first 3 bytes are always the same: 0x2E 0x02 0x01

Here are hexdumps of some challenge bodies i let 0x24001 service generate:

The service calculates USB Dongle Key from USB Dongle ID and USB Dongle Master Key by using HMAC SHA-1

The service uses HMAC SHA-1 to calculate the correct response body from the challenge body and USB Dongle Key

After that the service compares the calculated response body with the given one that was sent to the service

It seems that laid and paid from SS packet header are used in decryption process

USB Dongle Master Key

USB Dongle Master Key is stored encrypted in Process 6

The encrypted key is 64 bytes large

The decrypted key is 20 bytes large

The USB Dongle Master Key is decrypted first time the service 0x24002 is used

The USB Dongle Master Key is decrypted by using the service 0x200E (Decrypt Master) of Vitual TRM Manager

The decrypted USB Dongle Master Key is stored in Process 6 in clear text (after first usage of this service)

When decryption of USB Dongle Master Key fails then a dummy key is used

Unfortunately, in the HV dump 3.15 the USB Dongle Master Key was not decrypted at the moment of dumping

The first 12 bytes of decrypted USB Dongle Master Key is a magic value: _USB_DONGLE_. After these 12 bytes follows the real USB Dongle Master Key of size 20 bytes. So, if after decryption of USB Dongle Master Key, you see this magic value then the decryption was successful.

Step 1. Connect PS3YES-Pro to your PC's USB portStep 2. About 6 seconds later , PS3YES-Pro's 8MB USB storage will be install on you PC.Step 3. Right-click on the USB disk's root path, and create a new text file and renamed it to 'enterduf'.Step 4. Eject the USB disk to PS3YES-Pro, remove it from PC and re-plug it to your PC's USB port.
(The following steps also used on PS3YES! and PS3YES-Pro too)Step 5. About 30 seconds later, the LED on PS3YES-Pro will switch off, you should install the ATMEL DFU driver to run the FLIP tool. You can jump to Step 8 if it was istealled aleady.Step 6. Install drivers to "AT90USB162" device, you should download and install FLIP tool from ATMEL (http://www.atmel.com/dyn/resources/prod_documents/JRE_Flip_Installer_3.4.2.exe).Step 7. You can found drivers to "AT90USB162" in the path of FLIP was installed, for example : "C:\Program Files\Atmel\Flip 3.4.2\usb".Step 8. Download the correct firmware's hex file. Make sure it was storage in a full English path and without space. for example "c:\".Step 9. Run the FLIP tool. Make sure at the first use the "Load Hex File..." menu under "File" menu to load the new firmware hex file.Step 10. Click the USB icon on FLIP and select "USB" , or press CTRL-U , and click "open" button in the following dialoag.Step 11. Click "Run" button start update PS3YES-Pro's firmware. it will display like this : if done.
(The fimware was updated now, the following step just fit to PS3YES-Pro, for stop enter DFU mode next time.)Step 12. Remove PS3YES-Pro from PC and plugin it again.Step 13. Delete the file "enterdfu" from the USB disks's root path in 30 seconds.

Part 2: How to use PS3YES-Pro downgrade the console's firmware from 3.50

Prepare: Download the downgrade files (http://www.sendspace.com/file/qlfoyi), an USB disk large to storage the upgrade files.Step 1: Please update your PS3YES-Pro with downgrade firware as Part 1.Step 2: Plug the "downgrade" PS3YES-Pro to the right port (close the Blue-Ray Driver), Power down the connsole and cut of the power. Re-connect power to the console, Press power on button, press the "EJECT" button in 200ms atfter power on button was pressed. Untill finished your downgrade, you don't need cut off the power angin. Step 3: The screen to the console will flash servral time and auto-turn-off, you can remove the PS3YES-Pro now (You console now ready to enter "Factory Mode" now)Step 4: Prepare an USB disk and formate it as FAT32 file system, copy two files to the USB disk: Lv2diag.self and PS3UPDAT.PUP, and place them under the root path. the the named "Lv2diag.self" should copy from the "Lv2diag.self FILE 1" folder.Step 5: Plug the USB disk to the right USB port to the console, and remove any other USB disk from your console, press power on button to boot.Step 6: Wait untill the console turn off again. Remove the USB disk from your console, and delete all the files, copy the "Lv2diag.self" from "Lv2diag.self FILE 2" folder to the USB disk's root path.Step 7: Plug the USB disk to the right USB port to the console, and press power on button, It will leave "Factory Mode" now.
Last Step: After finished downgrade the console , you can update PS3YES-Pro back

If you need to downgrade a PS3 with firmware version 3.50 or below you can now grab the PS3KEY JIG firmware from the downloads section! Please note that we do not host the modified PUP file or any other file that may contain copyrighted code.

1. Insert PS3USBJailbreak to PC2. Run 1.2.8 updater3. Click START.4. Insert PS3USBJailbreak device that has been reprogrammed as downgrader into your console5. Turn on the console using the same boot method as all other jailbreaks: Press power then immediately press eject. Your console will turn on.6. Turn off system via menu7. Remove PS3USBJailbreak dongle and turn on console to make sure you are in Factory Service Mode. You will see a huge red box on the screen saying Factory Service Mode.8. Load any blank FAT32 USB flash drive device with 2 files in the root directory:a. Modified 3.41 PUPb. Lv2Diag.self (File 1)9. These must be the only files on the USB key and must be placed in the main (root) directory.10. Insert flash drive into the last USB port to the right – the first USB port in from the right side if you're facing the console. Turn the PS3 on and you will see black screen but the PS3 HDD light will flash.11. The process takes 3-4 minutes for the system to install the old firmware. Towards the end, the power button on the console will start flashing green and then your console will power off.12. Remove the flash drive and turn on the console, you will still be in Factory Service Mode. Please verify you have downgraded successfully to version 3.41 by going to "System Information".13. (Optional) - If you wish to downgrade to any older firmware you can follow step 4, 5, 6 using any regular firmware PUP. (You do not need to use modified custom firmware now that you are on 3.41).14. Insert USB flash drive back into your PC and delete the PUP and Lv2Diag.self file (File 1) and copy the other Lv2Diag.self (File 2) to the root of the flash drive.15. Insert USB flash drive back into the same USB port on the PS3 and power on your PS3. After 10 seconds it will power off.16. Remove USB flash drive and turn on your console again. You will be out of factory service mode and back in retail mode with your chosen firmware version installed. You will need to go through setting up settings configuration.

PS3BREAK team release the latest downgrade mode firmware. Referring to reasons unexpected, delay to release these for this time. Sorry for the inconvenience caused.

Ps3break V1.0 Downgrade Mode Firmware will be issued today, but PS3BREAK V1.1 and V1.2 Downgrade Mode Firmware all the users concerned is testing and will be released later. Please pay more your attention to PS3BREAK official news closely.

How to downgrade firmware 3.42/3.50 or above to firmware 3.41 with PS3break dongle:

1. Insert PS3break dongle device into computer and flash in downgrade mode firmware as downgrader.2. Insert PS3break dongle device that has been reprogrammed as downgrader into your console.3. Turn on the console using the same boot method as all other jailbreaks: Press power then immediately press eject. Your console will turn on and PS3break dongle will light up green LED.4. After few minutes, the ps3 console power off automatic and red LED light up.5. Remove PS3break dongle and turn on console to make sure you are in Factory Service Mode. You will see a huge red box on the screen saying Factory Service Mode.6. Load any blank FAT32 USB flash drive device with 2 files in the root directory:

1. Modified 3.41 PUP2. Lv2Diag.self (File 1)

7. These must be the only files on the USB key and must be placed in the main (root) directory.8. Insert flash drive into the last USB port to the right – the first USB port in from the right side if you're facing the console. Turn the PS3 on and you will see black screen but the PS3 HDD light will flash.9. The process takes 3-4 minutes for the system to install the old firmware.
Towards the end, the power button on the console will start flashing green and then your console will power off.10. Remove the flash drive and turn on the console, you will still be in Factory Service Mode. Please verify you have downgraded successfully to version 3.41 by going to "System Information".11. (Optional) - If you wish to downgrade to any older firmware you can follow step 4, 5, 6 using any regular firmware PUP. (You do not need to use modified custom firmware now that you are on 3.41).12. Insert USB flash drive back into your PC and delete the PUP and Lv2Diag.self file (File 1) and copy the other Lv2Diag.self (File 2) to the root of the flash drive.13. Insert USB flash drive back into the same USB port on the PS3 and power on your PS3. After 10 seconds it will power off.14. Remove USB flash drive and turn on your console again. You will be out of factory service mode and back in retail mode with your chosen firmware version installed. You will need to go through setting up settings configuration. To go back to PS3break dongle device, just drag back the normal .hex files.

1. Download this attachment, unrar it.2. Plug p3go to computer and file update.bin goes to p3go root dir. (flashdisk not TF!)3. Unplug it and plug it in again (this will flash p3go to V10 core)4. Send file update.bin again to ps3go root dir and rename it to downgrade.bin5. Use normail jailbreak procedure (press start and enject) to switch on ps36. Turn off system via xmb.7. Power on and its factory / service mode!

Note: Rename downgrade.bin to anything to get back with jailbreak function (and it disable p3go factory/serivce mode)

WARNING: Downgrades using service mode have been causing loss of blu-ray movie playback on some consoles. Not everyone has experienced the problem but it is not clear what combination of downgrade FW/jig emulation/ps3 model/region will cause the problem so beware.

Enabled Factory/Service Mode - copy android.img.gz and zImage to /var/idroid and use normal JB process. Unit will power off and be in Service mode after you power it back on. Use at your own risk. iphone3G/2G ipt1G For FW 3.5 and below

Once you download the correct files above go into the iPhoDroid folder, click resources, iPhoDroid_image and replace the android.img.gz and zImage with the ones in the service_jig zip downloaded above, once done run iPhoDroid and shoot the files to your iPhone/iPod touch, this will enable factory service mode when powering on.

To use: remove desired payload from zip file and upload to /var/psfreedom/payloads/

For example, default_payload_3_41.bin would go in /var/psfreedom/payloads/3.41/default_payload_3_41.bin

default_payload=previously called "MOH" this is the recommended payload w/GAIA, payload_dev=peek+poke (not supported by GAIA manager),payload_no_unauth_syscall=previously called "NOS", this payload has the same functionality as Hermes 4b

Here is the release of our 1.4c Firmware. This firmware update includes the downgrader and the new V1.4 Eclipse Firmware.

We are proud to say that Blue Ray DVD works fine with our downgrader. An updated release of V1.4 Firmware will also be done in the coming days, so check our news section

We are proud to release the Eclipse downgrader for PS3. This firmware will allow you simply to flash the eclipse to downgrade your PS3 from V3.50 to lower firmwares. You will need to use the Eclipse firmware V1.3 to reflash the Eclips3 with a working Firmware. Just follow the instrutions written into the .txt file inside the firmware zip file.

The V1.4 Firmware complete with downgrader will be released tomorrow. Files are available in our Download area. Have Fun!

Here's the BETA for proof, tomorrow official will be released. You can use any Lev2diag.self files to downgrade once jailbreaked. We will place it online in few minutes, meantime you can also use this package: http://www.sendspace.com/file/qlfoyi

We are proud to release the Eclipse downgrader for PS3. This firmware will allow you simply to flash the eclipse to downgrade your PS3 from V3.50 to lower firmwares. You will need to use the Eclipse firmware V1.3 to reflash the Eclips3 with a working Firmware. Just follow the instrutions written into the .txt file inside the firmware zip file. The V1.4 Firmware complete with downgrader will be released tomorrow. Files are available in our Download area. Have Fun!

DOWNGRADING GUIDE

Note: When downgrading you may in some cases loose saved data on the PS3 HDD.

Flashing Eclipse

Flash your Eclipse as you normally would. After you have completed the downgrading procedure as described below you must reflash your Eclipse with the standard firmware.

DOWNGRADING PROCEDURE

Prepare a blank USB memory stick with only 2 files inside: Lv2Diag.self (file 1) and the modified 3.41 PUP file.
These must be in the root of the memory stick. No other file must be present.

Insert the Eclips3 with the downgrade firmware in your console.

Turn on the PS3 using the standard sequence; Remove power (or power plug) from the PS3,insert Eclips3 into USB port, power on, then quickly press eject. After a very short while the PS3 will power off.

Turn on the PS3 to confirm that it is in Service Mode. You should see a red box on the screen saying Factory Service Mode.
(If you are using a component cable the image might be garbled). Turn off the PS3 and remove Eclips3.

Insert the USB memory stick with the 2 files on in the "right USB port" of the PS3 and turn it on.
The screen will be black, but the LED on the PS3 will blink.

Wait for approximately 3 minutes. In the end the PS3 power button will flash green and then the PS3 will turn off.
Wait 3 minutes for the system to install the old FW, towards the end the power button on the console will start flashing green and then your console will power off.

Remove the USB memory stick and turn on the PS3. It will still be in service mode. you can now verify that it has been downgraded to v3.41. If you wish
to downgrade to an earlier firmware you can do so now, there is no need to use modified custom PUP when the firmware has already been downgraded to 3.41.

Recently, some players report that after jail-breaking, if the E3card Reader removed and re-plugged in ps3 again, the system will be halted. After look deep into the issue, we find that not only PS3 but also other Sony products have the same issue that failed to handle those devices which with multiple mass-storage devices attached and removed at the same time.

So, E3DIY releases a new firmware to walk-around. You can upgrade your E3card Reader follow the instructions listed below:

1. Plug the E3 Card Reader in your PC USB port and wait for the removable driver E3Upgrader.
2. Copy the ResetToKernel.bin to the E3Upgrader, wait until the E3Upgrader disappeared.
3. Wait for a removable driver named Kernelboot, and then copy the "e3fix usb freeze.bin" to this driver.
4: After doing these, you can copy other normal function files such as the one used to downgrading or those used to jail-breaking or the one used to protect your TF card, or other application in the future.

1. Jailbreak ps3 like normal with downgrade payload - power cycle
2. PS3 should blink a bit and shutdown again
3. Remove iPod from PS3
4. Turn on PS3 and confirm you are in factory mode (big red box)
5. Download DGF.rar, you will find the link in the thread above
6. Put the file 1 self file on an empty usb-stick, aswell as the modified 3.41 pup
7. Plug in the most right usb slot and start ps3 (normal, not jailbroken)
8. After about 3 minutes it should power off
9. Remove usb and boot normally to see if downgrade was succesfull
10. Put the file 2 self file on the usb stick (remove the file 1 and the pup)
11. Plug in usb stick and boot ps3
12. Remove usb and start ps3

NOTE: YOU MIGHT LOSE YOUR BD PLAYBACK ABILITY IF YOU DOWNGRADE SO USE THIS SOLELY AT YOUR OWN RISK!

PSGrade PS3 Downgrading Guides (From Above) Abridged:

FOR PS3USBJAILBREAK:

1. INSERT PS3USBJailbreak to PC
2. RUN PS3USBJAILBREAK.EXE
3. Select Downgrade from the dropdown box
4. CLICK START.
5. This will now be referred to as the DOWNGRADE JIG

FOR BLACKCAT USB:

1. On the BLACKCAT USB ENTER DFU MODE by PUSHING BOTH DFU SWITCHES TO THE RIGHT.
2. INSERT THE BLACKCAT USB to PC and PRESS RESET.
3. RUN BLACKCATUSB.EXE
4. Select the PSGrade Jig hex for the BLACKCAT USB and click program.
5. On the BLACKCAT USB EXIT DFU MODE by PUSHING BOTH DFU SWITCHES TO THE LEFT.
6. This will now be referred to as the DOWNGRADE JIG

FOR OTHER USB DONGLES:

1. LOAD the PSGrade Payload just like you would any PSGroove Payload. If you don't know how ask.
2. This will now be referred to as the DOWNGRADE JIG

PREPARING USB FLASH DRIVES

2 USB FLASH DRIVES:

1. INSERT a BLANK FAT32 USB Flash Drive and copy 2 files to the ROOT DIRECTORY:
a. Modified 3.41 PUP
b. Lv2Diag.self (File 1)
2. This will now be referred to as the USB DRIVE WITH 3.41 DOWNGRADE
3. INSERT the second BLANK FAT32 USB Flash Drive and copy 1 file to the ROOT DIRECTORY:
a. Lv2Diag.self (File 2)
4. This will now be referred to as the SERVICE MODE OFF USB DRIVE

1 USB FLASH DRIVE:

1. INSERT a BLANK FAT32 USB Flash Drive and copy 2 files to the ROOT DIRECTORY:
a. Modified 3.41 PUP
b. Lv2Diag.self (File 1)
2. This will now be referred to as the USB DRIVE WITH 3.41 DOWNGRADE
3. AFTER STEP 11. On the DOWNGRADING YOUR PS3 Section.
4. INSERT the USB DRIVE WITH 3.41 DOWNGRADE And DELETE BOTH FILES on the drive.
5. The drive should now be BLANK copy 1 file to the ROOT DIRECTORY:
a. Lv2Diag.self (File 2)
6. This will now be referred to as the SERVICE MODE OFF USB DRIVE

DOWNGRADING YOUR PS3 BEFORE DOWNGRADING BACKUP YOUR PS3:

1. INSERT the DOWNGRADE JIG into the LAST USB PORT TO THE RIGHT closest the Blu-Ray drive.
2. POWER OFF COMPLETELY either UNPLUG IT (FOR THE SLIM) or TURN OFF THE POWER SUPPLY SWITCH IN BACK (FOR THE FAT) Wait a second then TURN THE POWER SUPPLY SWITCH BACK ON OR PLUG IT BACK IN.
3. Turn on the console using the JAILBREAK BOOT METHOD: PRESS POWER, THEN IMMEDIATELY PRESS EJECT. Your console will TURN ON.
4. SHUT DOWN using the "SYSTEM MENU" NOT THE POWER BUTTON.
5. REMOVE the DOWNGRADE JIG and turn on console to make sure you are in "FACTORY/SERVICE MODE". You will see a huge red box on the screen saying "FACTORY/SERVICE MODE".
6. SHUT DOWN using the "SYSTEM MENU" NOT THE POWER BUTTON.
7. INSERT the USB DRIVE WITH 3.41 DOWNGRADE into the LAST USB PORT TO THE RIGHT closest the Blu-Ray drive.
8. TURN ON the PS3 and you will see black screen but the PS3 HDD light will flash. (Might not flash on some early models of the fat ps3).
9. The process takes 3-4 minutes for the system to install the old firmware. Towards the end, the power light on the console will start flashing green and then the PS3 will POWER OFF AUTOMATICLY.
10. REMOVE the USB DRIVE WITH 3.41 DOWNGRADE
11. TURN ON the PS3, you will still be in "FACTORY/SERVICE MODE", Please verify you have downgraded successfully to version 3.41 by going to "SYSTEM INFORMATION".

a. (OPTIONAL) -- If you only have 1 flash drive go to the 1 USB FLASH DRIVE section under number 3. And follow the instructions.
b. (OPTIONAL) - If you wish to downgrade down again to any older firmware you can use any regular firmware PUP. (You do not need to use modified custom firmware now that you are on 3.41).

12. SHUT DOWN using the "SYSTEM MENU" NOT THE POWER BUTTON.
13. INSERT the SERVICE MODE OFF USB DRIVE into the LAST USB PORT TO THE RIGHT closest the Blu-Ray drive.
14. TURN ON the PS3. After 10 seconds the PS3 will POWER OFF AUTOMATICLY.
15. REMOVE The SERVICE MODE OFF USB DRIVE. You will be out of "FACTORY/SERVICE MODE" and back in "RETAIL MODE" with your chosen firmware version installed. You will need to go through setting up settings configuration.
16. INSERT the JAILBREAK USB DEVICE Of your Choice into the LAST USB PORT TO THE RIGHT closest the Blu-Ray drive.
17. POWER OFF COMPLETELY either UNPLUG IT (FOR THE SLIM) or TURN OFF THE POWER SUPPLY SWITCH IN BACK (FOR THE FAT) Wait a second then TURN THE POWER SUPPLY SWITCH BACK ON OR PLUG IT BACK IN.
18. Turn on the console using the JAILBREAK BOOT METHOD: PRESS POWER, THEN IMMEDIATELY PRESS EJECT. Your console will TURN ON. (THE PS3 IS NOW JAILBROKEN!!!)